法律

隐私政策

最后更新：2026 年 3 月

速览:FSB 完全在你的浏览器内运行。不收集任何浏览数据。API Key 在本地通过 AES-GCM 加密。AI 调用直接从浏览器发往你选择的提供商。后台智能体使用的可选中继服务器仅存储运行元数据，绝不存储页面内容。记忆数据保留在你的设备上。一切均开源可审计。

数据收集

FSB 完全在你的浏览器内运行。扩展只有在你启动自动化任务时，才会访问当前活动标签页的 DOM（文档对象模型）。

不收集或保存当前会话之外的任何浏览历史
DOM 数据在本地分析，每次自动化步骤后即丢弃
不从你访问的页面采集任何个人信息

FSB 请求的 Chrome 权限

为了执行网页自动化，FSB 在其 Chrome 清单中声明以下权限。每项仅用于其记录的用途；不会以任何一项为依据将数据发送至设备外。

DOM 与标签页 — activeTab、scripting、tabs、windows、sidePanel 以及主机权限 <all_urls>：读写当前活动标签页、注入自动化内容脚本、列出与切换标签页、以及渲染侧边栏
高级自动化 — debugger：附加 Chrome DevTools Protocol，用于普通 DOM API 无法执行的基于坐标的点击、拖动和按键保持操作。webNavigation：观察导航开始/结束事件，使自动化等待合适的时机
本地存储 — storage、unlimitedStorage：将你的设置、凭据、付款方式和记忆保存在设备的 chrome.storage.local 中。无限存储解除了默认的 10 MB 配额，使记忆和会话日志能够持续增长而不会触顶
UX 辅助功能 — clipboardWrite：将自动化的复制到剪贴板结果写入剪贴板。alarms：调度后台维护任务。offscreen：在隐藏文档中托管语音转文字录音器，因为 service worker 无法直接捕获音频

语音转文字所需的麦克风访问权限未在清单中声明。当你首次使用麦克风按钮时，Chrome 会自行弹出权限请求。

数据存储

所有设置和数据都保存在 Chrome 扩展的本地存储中。FSB 对 API Key 等敏感数据使用 AES-GCM 加密。

配置保存在 chrome.storage.local 中
API Key 在保存前会使用 AES-GCM 加密
会话日志保存在本地，可随时清除
分析数据（任务计数、成功率）保留在你的设备上

外部服务

FSB 仅在你配置并使用托管提供商时，才与外部 AI 提供商通信。如果你使用 LM Studio，AI 请求会通过其本地 OpenAI 兼容服务器留在本机。提供商选择与发送的数据完全由你掌控。

托管 API 调用只会发往你选择的提供商（xAI、OpenAI、Anthropic、Google 或 OpenRouter)
LM Studio 在你的设备上使用本地 OpenAI 兼容服务器，且无需 API Key
发送的数据包括：任务描述、DOM 结构摘要以及动作上下文
如果你使用远程控制台或后台智能体同步，会有可选的中继服务器负责 WebSocket 消息，并存储智能体运行元数据（任务名称、成本、时长、成功/失败）。服务器不存储页面内容、DOM 数据或 AI 响应。该功能仅在你选择开启时生效
每个提供商都有自己的隐私政策，规定其如何处理 API 请求

无第三方跟踪

FSB 不包含任何第三方分析、广告跟踪器或跨站点指纹识别。除你显式配置的 AI 提供商 APIs 之外，没有 Cookie，也没有第三方脚本。FSB 向自身发送的唯一第一方数据是下面描述的可选退出的匿名使用遥测，仅用于驱动公开的 /stats 仪表板。

API Key

你的 API Key 会在保存前通过 AES-GCM 在本地加密。除了你配置的 AI 提供商之外，绝不会发送到任何地方，且只在 API 请求的身份验证头中使用。

Key 在 Chrome 存储中以加密形式静态保存
仅在 API 调用时在内存中解密
Key 绝不会被记录、导出或共享

自动密码

FSB 提供可选的凭据管理器，将登录凭据加密保存到你的设备。密码不会暴露给 AI 模型，而是由内容脚本直接填入页面，完全绕过 AI。

凭据在静态保存时使用 256 位密钥和 PBKDF2 派生密钥的 AES-GCM 加密
AI 分析页面时，密码字段的值会被替换为 [hidden]。真实密码绝不会出现在任何 AI 提示中
自动填充由内容脚本将值直接注入 DOM 完成，凭据流程中没有 AI 参与
凭据列表视图仅显示用户名和域名。密码只在自动填充需要时单独解密
凭据按域名存储，并具备父域回退（例如 accounts.google.com 会继承 google.com)

付款方式

FSB 包含一个可选的付款方式保险库，将卡片信息保存在你的设备上以便结账时自动填写。卡片采用与登录凭据相同的加密与 AI 隔离机制，完整的卡号绝不会发送给任何 AI 模型。

卡片信息（卡号、有效期、持卡人和邮编）使用与凭据相同的保险库派生密钥，通过 AES-GCM 在静态时加密
当 AI 分析结账页面时，检测到的卡号字段值会在构建提示词之前被替换为 [hidden]。卡号、CVV 和有效期绝不会包含在任何 AI 提示词中
自动填写由内容脚本直接写入页面的 DOM 字段完成，完全绕过 AI
列表视图仅显示卡片别名与后 4 位数字。完整卡号仅在填写的那一刻在内存中解密
MCP 客户端可以通过 use_payment_method 请求执行付款自动填写，但在任何卡片数据写入页面之前，会在扩展内向用户显示确认提示
除非你为某张卡片明确启用，否则 CVV 永远不会被持久保存；即使启用，它也会与记录的其余部分一起加密

语音转文字

FSB 在提示词输入框中包含一个可选的麦克风输入。默认提供商完全在你的浏览器中运行；如果你需要更高的准确性，可在设置中启用可选的 OpenAI Whisper 后备方案。

默认提供商：浏览器原生的 SpeechRecognitionAPI。音频由 Chrome 处理，绝不会通过 FSB 离开你的设备
可选的 Whisper 提供商：当 sttProvider 设置为 whisper 且配置了 OpenAI 密钥时，录制的音频片段会从你的浏览器直接上传到 OpenAI 的转录接口。FSB 从不查看或存储该音频
麦克风仅在你按住或已切换开启麦克风按钮的期间处于活动状态。首次使用时 Chrome 会请求权限；FSB 不会在扩展清单中请求麦克风访问权限
转录结果只插入到提示词文本框中，绝不会在你选择发送的活跃 AI 请求之外被记录、保存或传输
通过不触碰麦克风按钮，或在 Chrome 扩展存储中清除可选的 Whisper 提供商，即可完全禁用语音功能

防止提示词注入

网页可能包含旨在劫持 AI 智能体的隐藏文本。FSB 通过多层防御确保 AI 只遵循你的指令，绝不执行嵌入在页面内容中的指令。

所有页面内容都被包裹在 [PAGE_CONTENT] 边界标记内，并指示 AI 永远不要执行其中的指令
在内容到达 AI 之前，清洗引擎会剥离已知的注入模式（例如“忽略以上指令”、伪造的系统提示、覆盖请求）
AI 生成的动作会在执行前进行验证。危险 URL（javascript:、data:）和脚本注入尝试将被阻止
只允许执行严格白名单上的 50 多种已知工具。AI 无法发明或调用任意动作
内容大小有上限（单值 500 字符，提示总上限 15K），限制有效载荷投递
网站嵌入的不可见 Unicode 控制字符会在处理前被剥离

后台智能体与服务器同步

已在 v0.9.45rc1 中弃用。FSB 内置的后台代理已被 OpenClaw 与 Claude Routines 取代，远程控制现由 Sync 标签页负责。下方披露内容仍为仍在运行 v0.9.44 或更早版本的用户保留；在当前构建中，仅在你配对 Sync 会话时才会联系中继服务器。

若启用后台智能体的服务器同步或远程控制台配对，会有一台中继服务器在扩展与控制台之间转发通信。

服务器会保存：智能体定义（名称、计划、目标 URL）、运行指标（Token 数、成本、时长、成功/失败状态）、会话配对令牌
服务器不保存：页面内容、DOM 数据、浏览历史、AI 提示、AI 响应或你访问页面中的任何数据
身份验证使用本地生成的哈希 Key，以及 24 小时后失效的会话令牌
一次性配对令牌在 60 秒后失效，无法重复使用
服务器同步默认关闭，需要你在“选项”中显式启用

记忆系统

FSB 的记忆系统会沉淀导航模式和站点情报，让自动化随时间持续优化。

所有记忆数据（语义、情景、过程）都保存在 chrome.storage.local 中
记忆数据不会发送到任何外部服务器
你可在选项控制台中随时查看并清除记忆
站点地图和导航模式按域名隔离，互不影响

匿名使用遥测

FSB v0.9.69 引入了一个可选退出的匿名使用遥测管道，使项目能够在不接触你浏览的任何页面的前提下，发布聚合的采用数据（参见 /stats）。遥测默认启用，但可以通过一个开关禁用，并且按安装的数据可根据请求被擦除。

我们收集的内容

每次安装随机生成的 UUID，存储在 chrome.storage.local 的键 fsbInstallUuid 下。UUID 在本地生成，永不与你的身份关联。
所使用的 MCP 客户端名称（例如 Claude Code、Cursor、Codex），取自固定的允许列表。
会话中使用的模型名称（例如 grok-4-fast、claude-opus-4），取自固定的允许列表。
每个会话的输入/输出 token 数量聚合值。
你的安装上活跃的 FSB 代理数量（一个整数值）。

我们不收集的内容

页面 URLs、主机名或浏览历史。
提示、指令、任务描述或你发送给模型提供商的任何自然语言文本。
页面 DOM、屏幕截图、页面内容或 AI 响应。
明文 IP 地址。服务器使用按日轮换的盐对请求 IP 进行哈希用于限流，并立即丢弃。
姓名、用户名、账号 handle 或任何自由文本身份字段。
电子邮件地址、电话号码或联系信息。

保留期

原始事件保留 7 天。每日汇总（每安装每天一行）保留 365 天。全局聚合（每天一行，不按安装维度）无限期保留，以便 /stats 上的历史图表保持稳定。

如何选择退出

打开 FSB 控制面板，滚动到"高级设置"，将 发送匿名使用数据 开关关闭。更改立即生效；之后不会再从你的安装发送事件。

如何擦除你的数据

若要请求擦除与你的安装关联的所有遥测行（GDPR 第 17 条），请在 ChromeDevTools → Application → Storage → Extension storage 中查找你的 fsbInstallUuid，然后发送一次 HTTP 请求：

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use 合规声明

FSB 的匿名使用遥测仅用于计算在 full-selfbrowsing.com/stats 公开展示的聚合使用统计。数据从不出售、从不与第三方共享、从不用于广告，且从不用于训练任何机器学习模型。此承诺满足 Chrome Web Store 的 Limited Use 要求。

聚合的公开指标

我们在 /stats 发布来自此遥测管道的聚合指标。仅展示计数和总数；每安装的行从不暴露。

开源

FSB 采用 BSL 1.1 许可完全开源。你可以审计每一行代码，以核实这些隐私声明。源码托管在 GitHub 上。

本政策的变更

若本政策更新，变更将体现在页面顶部的“最后更新”日期。重要变更也会在项目的 GitHub 发布说明中注明。

联系方式

如对本隐私政策或 FSB 的数据处理有任何疑问，请在 GitHub Issues 上发起 issue。

政策历史

下面的每一条都是隐私政策在所示日期时的快照。旧版本会逐字保留，以便你可以审计我们在任何时间点的承诺。快照仅以英文提供。

May 2026v0.9.69 — Anonymous Usage Telemetry, Speech-to-Text, Payment Methods, expanded permissions, Background Agents deprecated (full archived text)

Archived copy of the privacy policy as it stood in May 2026. This is the same body rendered on the live page above; it is captured here so the snapshot remains available verbatim once the next policy update lands.

TLDR: FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Chrome permissions FSB requests

To run web automation, FSB declares the following permissions in its Chrome manifest. Each is used only for the documented purpose; nothing is sent off-device on the strength of any of them.

DOM and tabs — activeTab, scripting, tabs, windows, sidePanel, and host permission <all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel
Advanced automation — debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform. webNavigation: observe navigation start/finish events so automation waits for the right moment
Local storage — storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall
UX helpers — clipboardWrite: write copy-to-clipboard results from automation. alarms: schedule background housekeeping. offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly

Microphone access for speech-to-text is not declared in the manifest. Chrome shows its own permission prompt the first time you use the mic button.

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
Sent data includes: task description, DOM structure summary, and action context
If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
Each provider has their own privacy policy governing how they handle API requests

No Third-Party Tracking

FSB does not include any third-party analytics, ad trackers, or cross-site fingerprinting. There are no cookies and no third-party scripts beyond the AI provider APIs you explicitly configure. The one piece of first-party data FSB sends home is the opt-out Anonymous Usage Telemetry described below, used solely to power the public /stats dashboard.

API Keys

Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Payment Methods

FSB includes an optional payment-method vault that stores card details on your device for checkout auto-fill. Cards are treated with the same encryption and AI isolation as login credentials, and the full card number is never sent to any AI model.

Card details (number, expiry, cardholder, and zip) are encrypted at rest using AES-GCM with the same vault-derived key used for credentials
When the AI analyzes a checkout page, any detected card-number field values are replaced with [hidden] before the prompt is built. Card numbers, CVV, and expiry are never included in any AI prompt
Auto-fill happens via the content script writing directly into the page's DOM fields, bypassing the AI entirely
The list view shows only a card nickname and last-4 digits. Full numbers are decrypted in memory only at the moment of fill
An MCP client can request a payment fill via use_payment_method, but the user is shown an in-extension confirmation prompt before any card data is written into the page
CVV is never persisted unless you opt in per-card, and even then it is encrypted alongside the rest of the record

Speech-to-Text

FSB includes an optional microphone input for the prompt box. The default provider runs entirely in your browser; an optional OpenAI Whisper fallback can be enabled in settings if you want higher accuracy.

Default provider: the browser's native SpeechRecognition API. Audio is processed by Chrome and never leaves your device through FSB
Optional Whisper provider: when sttProvider is set to whisper and an OpenAI key is configured, recorded audio chunks are uploaded directly from your browser to OpenAI's transcription endpoint. FSB never sees or stores the audio
The microphone is only active while you are holding or have toggled the mic button. Chrome prompts for permission the first time you use it; FSB does not request microphone access in the extension manifest
Transcripts are inserted into the prompt textarea only and are never logged, persisted, or transmitted outside the active AI request you choose to send
Disable speech entirely by leaving the mic button untouched, or by clearing the optional Whisper provider in Chrome extension storage

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
One-time pairing tokens expire after 60 seconds and cannot be reused
Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
No memory data is sent to any external server
Memory can be viewed and cleared at any time from the Options dashboard
Site maps and navigation patterns are domain-specific and isolated from each other

Anonymous Usage Telemetry

FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and the per-install data can be erased on request.

What we collect

A random per-install UUID stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and never tied to your identity.
The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
The model name used for a session (e.g. grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
Aggregate input/output token counts per session.
The number of active FSB agents on your install (an integer count).

What we do NOT collect

Page URLs, hostnames, or browsing history.
Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
Page DOM, screenshots, page content, or AI responses.
Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
Names, usernames, account handles, or any free-form identity fields.
Email addresses, phone numbers, or contact information.

Retention

Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, no per-install dimension) are retained indefinitely so historical charts on /stats remain stable.

How to opt out

Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.

How to erase your data

To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use affirmation

FSB's anonymous usage telemetry is used only to compute aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning models. This commitment satisfies the Chrome Web Store's Limited Use requirement.

Aggregated public metrics

We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

March 2026v0.9.2 — Background Agents, Memory System, Server Sync (full archived text)

Archived copy of the privacy policy as it stood in March 2026, prior to the v0.9.69 telemetry, speech-to-text, and payment-method additions. Reproduced verbatim except for whitespace.

TLDR FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
Sent data includes: task description, DOM structure summary, and action context
If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict allowlist of 50+ known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
One-time pairing tokens expire after 60 seconds and cannot be reused
Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
No memory data is sent to any external server
Memory can be viewed and cleared at any time from the Options dashboard
Site maps and navigation patterns are domain-specific and isolated from each other

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

February 2026v0.9 — Initial privacy policy (full archived text)

Archived copy of the initial privacy policy as it stood in February 2026, before Background Agents, Memory System, OpenRouter, and LM Studio support were added. Reconstructed from the March 2026 snapshot by removing the sections that did not yet exist; the wording of sections that were already present is preserved verbatim.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use a hosted provider. The choice of provider and what data is sent is under your control.

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, or Google Gemini)
Sent data includes: task description, DOM structure summary, and action context
Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.